Free cookie consent solutions share one common feature. They are not very compliant. This could leave your company website in disarray, should the Data Protection Authorities ask for consent logs from each and every one of your website visitors.
When the GDPR effectively entered into force in May 2018, many companies were in a hurry to get a cookie banner on their website in order to comply with the new data protection regulations.
But according to the GDPR, that’s far from enough.
Why isn’t my free cookie banner compliant with the GDPR?
There are a ton of free cookie banners available on the internet. For example, if you have a WordPress site, there are many free GDPR plugins available to install, making you “compliant” in an instant. Also, privacy-tech companies provide free basic solutions if you only have one domain and a short list of subpages.
But common to all of them is that they are not very compliant. Why? Because they do not collect visitors’ consent, store consent logs (for inspection), provide opt-out options or retain cookies before consent. And consent before processing (of data) is a cornerstone of the GDPR.
So, in essence, what free banners give you is false security.
But why is it necessary to collect consents?
Take a look at which cookies your website uses. Most likely you’ll find cookies from Google Analytics, YouTube, Facebook, Hotjar or perhaps from Doubleclick, Addthis, Googleadservice or many other third-party services implemented on your website in one way or another.
These cookies collect and process your visitors’ personal information (IP addresses, geolocation, online identifiers, etc.), which is used for directing more personalized ads to them.
If a cookie collects and processes personal information about the internet user, then the user must give his or her explicit consent before your website can store the cookie in the user’s browser.
The GDPR clearly states:
GDPR – Recital 32
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
As seen, consent is imperative to comply with the GDPR. It has to be informed and freely given. This also means that cookie walls and data-for-access arrangements are not valid under the GDPR. Users have to be given a choice to reject cookies.
Then what? How does your website become compliant?
Requirements for a professional cookie consent solution
To effectively comply with the GDPR on your company website you must:
- Inform your visitors of cookies.
- Collect a freely given cookie consent. Consent must be freely given! Silence, pre-ticked boxes and inactivity are not considered consent under the GDPR. Give your users the option of rejecting cookies that collect and process their personal information.
- Retain cookies before consent is obtained.
- Keep consent logs if subject to inspection. If you or your company is subject to inspection by the national Data Protection Authority, they will ask that you provide documentation for each and every consent your users have given, including those from users who have declined. Be on the safe side and store them all securely.
Sounds complicated? It’s not.
Go pro with Cookie Information’s Consent Solution
With Cookie Information’s Consent Solution, you can get a completely GDPR compliant cookie solution for your website. It is easy, it is professional, it is secure.
With our Consent Solution, you’ll get:
- Cookie consent pop-up banner (collects cookie consents)
- Privacy controls (cookie opt-out option)
- Log and basic reporting (stores consents if subject to inspection by DPA)
- Monthly scans of your website for cookies
- Knowledge base (Overview of all cookies)
- SDK implementation (retain cookies before consent)
Each user’s consent log is stored for 5 years as required by law. With our Consent Solution the user can always change his or her consent or completely withdraw the consent.
Cookie Information also maintains a global Knowledge Base with expert knowledge about first and third-party cookies.
Start a free 30-day trial and try it out today
The Consent Solution works on all CMS systems. If you have WordPress, you can simply install the Consent Solution plugin and register, and there you go. Or you can insert a short code snippet in your website’s <head>.
If you have any problems along the way, we are here to guide you to become GDPR compliant on your website.
Cookie Information’s Consent Solution documentation